Vulnerability CVE-2017-14496


Published: 2017-10-02   Modified: 2017-10-03

Description:
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Dnsmasq < 2.78 Integer Underflow
Multiple
03.10.2017

Type:

CWE-191

(Integer Underflow (Wrap or Wraparound))

Vendor: Debian
Product: Debian linux 
Version:
9.0
7.1
7.0
Vendor: Google
Product: Android 
Version:
8.0
7.1.2
7.1.1
7.0
6.0.1
6.0
5.1.1
5.0.2
4.4.4
Vendor: Redhat
Product: Enterprise linux server 
Version: 7.0;
Product: Enterprise linux desktop 
Version: 7.0;
Product: Enterprise linux workstation 
Version: 7.0;
Vendor: Novell
Product: LEAP 
Version: 42.3; 42.2;
Vendor: Thekelleys
Product: Dnsmasq 
Version: 2.77;
Vendor: Canonical
Product: Ubuntu linux 
Version:
17.04
16.04
14.04

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://thekelleys.org.uk/dnsmasq/CHANGELOG
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
http://www.debian.org/security/2017/dsa-3989
http://www.securityfocus.com/bid/101085
http://www.securityfocus.com/bid/101977
http://www.securitytracker.com/id/1039474
http://www.ubuntu.com/usn/USN-3430-1
http://www.ubuntu.com/usn/USN-3430-2
https://access.redhat.com/errata/RHSA-2017:2836
https://access.redhat.com/security/vulnerabilities/3199382
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
https://security.gentoo.org/glsa/201710-27
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://source.android.com/security/bulletin/2017-10-01
https://www.exploit-db.com/exploits/42946/
https://www.kb.cert.org/vuls/id/973527
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq

Related CVE
CVE-2019-2201
In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. U...
CVE-2013-1429
Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.
CVE-2019-17134
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via sim...
CVE-2019-17266
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
CVE-2019-16866
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
CVE-2019-16928
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descript...
CVE-2019-10197
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared ...

Copyright 2019, cxsecurity.com

 

Back to Top